At the Microsoft Management Summit, company executives have been talking up Microsoft's "bring your own device" strategy, noting how much work has gone into making it possible for companies to deploy line-of-business apps to mobile platforms. The problem is ensuring that devices that connect to corporate systems are secure enough to touch sensitive data without intruding too deeply into what employees can do with their own devices—especially ones that don't fit easily into the enterprise domain.

That's a particular problem for Windows RT, Microsoft's Windows version for ARM processors. As we've previously reported, Windows RT can't join Active Directory domains, which poses a problem for IT managers who want to deploy ARM devices as part of their enterprise. Instead, Microsoft has developed a new management client for the operating system that will give administrators some limited abilities to deploy corporate-approved applications to Windows RT devices, and give users access to a self-service portal from which they can select and download corporate apps on their own.

In a post published today on the Windows 8 engineering team's blog, Management Systems Program Manager Lead Jeffrey Sullivan described the new capability for Windows RT, which uses a connection to System Center 2012's cloud-based management infrastructure to deliver the applications to the client devices. The agent as Sullivan wrote "does most of the heavy lifting" for client administration, allowing administrators to set which users within the organization are allowed to load applications onto Windows RT devices based on their Active Directory credentials.

A new desktop Control Panel applet allows users to connect to the management infrastructure and download the client, authenticating them using their corporate e-mail address and password over a secure connection to the management service. Once connected, the agent configures the device's connection to the corporate network, periodically polls the cloud for updated applications and device setting policies pushed out by administrators, and downloads and installs line-of-business applications that users choose to install. It also gives administrators remote self-destruct on applications: "If the user or the administrator chooses to remove the device from the management infrastructure, it clears the configuration of the agent itself and disables any LOB apps the user installed from the [self-service portal]," Sullivan wrote.

The self-service portal (SSP) application for Windows 8 for ARM allows users to pick and choose which corporate line-of-business applications they download and install to their own device.

The self-service portal is exposed as a separate application—it uses the Metro interface, and allows users to scroll through available published applications to choose them for download. During his keynote at MMS, Microsoft Corporate Vice President Brad Anderson said that System Center's self-service portal would provide applications to the client two ways: administrators could "deep link" through the portal to (in the case of Windows 8) Microsoft's app store; or they could "side-load" the applications, hosting them in an internal corporate application store.

The resulting level of control is a pale imitation of the level of control Windows administrators get over the desktop. But it's focused on the BYOD dilemma, and not on corporate adoption of Windows RT devices—the management client will give IT managers some degree of comfort as Windows 8 ARM devices trickle (or as Microsoft hopes, flood) into the corporate network, but it doesn't make them full corporate citizens.

So why not make it so they can join AD domains? Because of potential security concerns? Is this a preferable solution to that problem?

Why would Windows be less secure just because the processor architecture is different? And from what I understand there is no Win32. No legacy apps. No third-party apps. This is even more secure.

Win RT might as well be Win DOA.

This has little to do with security, but the separation of corporate users and consumers. Win32 is certainly still there, just not accessible.

It seems to me as though this is a solution to gap the consumer and corporate world, and not a solution to bring Windows on ARM into enterprise.. In fact the entire solution just seems like a glorified version of citrix..

Either way, people need to get this through their heads, MS can't sell a full fledged tablet for the same price as the iPad/Android tablets without massively undercutting their existing OS market. They need to offer a paired down version of Windows that will compete in the tablet space, but at the same time cater to their existing market with a full featured product. No company in their right mind would do such a thing, so I don't see why everyone is up in arms.

Windows x86 RT development will push Windows on ARM development, and life will go on.. Maybe it won't be as successful as MS hopes, but I would be willing to wager WOA won't be DOA.

The problem is with Win RT is that it has all the downsides of no backward compatibility and not much to make up for it. What will be the advantage of buying an ARM system over an Intel system once Intel gets down to their next process shrink?

A 500-600 dollar tablet is the bar which MS has to reach (at the very least) in order to compete in the tablet space. In order to do so they are going to have to sell Windows licenses at a lower cost.

MS has to compete with consumer tablets, even if they think the OS is superior and worth more, they have to stay within the pricepoint consumers now expect.

Now imagine if they were to sell a full fledged tablet for that cost, when a large percentage of consumer users will never use and/or want these features. Consumers won't care, and enterprise users will start buying the much cheaper WOA devices instead. Its a lose lose situation, one which no business in their right mind would ever try to attempt.

So.. do you really think its laziness? Or the fact that they can do simple math?

The problem is with Win RT is that it has all the downsides of no backward compatibility and not much to make up for it. What will be the advantage of buying an ARM system over an Intel system once Intel gets down to their next process shrink?

Cost.. It is very likely WOA licenses will be much cheaper to allow manufacturers to properly compete in the tablet space.

Intel die shrinks and a move to SOC like designs is not going to change this anytime soon..

The problem is with Win RT is that it has all the downsides of no backward compatibility and not much to make up for it. What will be the advantage of buying an ARM system over an Intel system once Intel gets down to their next process shrink?

Cost.. It is very likely WOA licenses will be much cheaper to allow manufacturers to properly compete in the tablet space.

Intel die shrinks and a move to SOC like designs is not going to change this anytime soon..

Maybe cheaper x86 tablets will be sold with Windows RT? Of course they would be as limited as ARM ones.

So as not to cannibalize more expensive Windows licenses. Pretty transparently, actually.

Even assuming all this is true (as opposed to it being some technical limitation, which IMO is equally likely), who wants to join their personally owned device to a corporate domain? I don't let my domain users have admin rights, install software, and many other restrictions that would infuriate them (and me) if we were talking about our own devices.

I'm still wrapping my head around MS's use of the Metro and Classic interfaces. One half of the system is Classic (by choice?), the other half is Metro. It just leaves me wondering what MS really thinks will happen with Windows 8 in the corporate sector Will the management tool get released for Windows 7 as well, or will it require Windows 8?

Revenue, and that's the only reason. MS is unwilling to cannibalize the cash cow that is the "Pro" OS license, and the tablet market can't bear a $150 OS. They're between a rock and a hard place.

OK, then the solution would be an additional version called "Windows RT Pro" that runs on ARM, is more expensive, and supports joining AD, and possibly other features missing from the plain "Windows RT". Like installing recompiled desktop apps.

Then you will have business tablets with "Windows RT Pro", sharing the same hardware with "Windows RT" versions, but more expensive to account for the additional value.

Even better, allow the users to upgrade Windows RT to Windows RT Pro at a cost.

You could also consider the "Pro" features an add-on over the standard version, so to update you will just have to buy, download and install the special "Go Pro" app from the Windows Store.

Making the additional features available for an additional cost will prevent cannibalization, and the cheaper and simpler standard version will be able compete with the iPads.

Of course, the "free" Office copy included with WinRT will also have to be taken into account when they decide the price for the Pro version.

So, an "Windows RT Pro" version would certainly complicate things, but I think it would do more good than harm.

Ahahaha, what a classic clusterfuck by Microsoft - God, these lousy, clueless idiots are so pathetic, cannot wait when shareholders finally throw out these retarded bureaucrats.

Seriously, how the hell the monkeys around the fat bald fart justified this utter shit approach? Gee, let's make it clear to our customer that 'you cannot do this, you cannot do that, buy this, buy that, fight through the that royally broken, expensive crap called System Center 2012' etc... then ? then PROFIT!

Ahahaha, what a classic clusterfuck by Microsoft - God, these lousy, clueless idiots are so pathetic, cannot wait when shareholders finally throw out these retarded bureaucrats.

Seriously, how the hell the monkeys around the fat bald fart justified this utter shit approach? Gee, let's make it clear to our customer that 'you cannot do this, you cannot do that, buy this, buy that, fight through the that royally broken, expensive crap called System Center 2012' etc... then ? then PROFIT!

The problem is with Win RT is that it has all the downsides of no backward compatibility and not much to make up for it. What will be the advantage of buying an ARM system over an Intel system once Intel gets down to their next process shrink?

Seriously have you seen the Samsung series 7 slate? A 12 inch tablet with a core I5 CPU and pen input. It gets 3.5 hours of battery life. With more power efficient windows 8, upcoming lower power IGZO screen tech, hopefully increases in battery energy density, and Intel's die shrinks, we may not even need to settle for hobbled ARM or Medfield SoCs in tablets.

No, I'm sorry; I can't take it anymore: Why oh why does so many Metro screenshots from MS look so horrible? I know the apps are not done yet and in beta, but whoever threw together the app in the screenshot should really redo the work.

- What's up with the drop downs which seem to have been thrown out at random (they don't line up with anything)?- What do they mean, i.e. why is the first one called (I think, difficult to tell actually due to the bad design) "All Spotlight" and the second one "For my work"? What will they actually show? And Spotlight, isn't that Apple's name for searching normally?- Why is "Trips" tile almost completely hidden, whereas "Engineering" is only hidden a little bit? I know Metro uses half-hidden text as a way to indicate that there is more to see on the side, but half-hidden tiles where you hide more on one side than on the other?- Why do you have colored tiles for the stuff in the middle, but the tiles at the top right have transparent background tiles, only visible when selected?

Ok, now I feel better. I'm still curious about using Windows 8 on a tablet (I have it on my desktop where I think it fails; with 2560x1440 resolution the start menu with the tiles looks ridiculous, and working with a mouse it feels quite cumbersome), but I sincerely hope they'll make sure the apps look much better and more consistent than what I've seen so far; the only consistency I see is that you have colored tiles and big fonts, but that is only a superficial consistency, instead of something where there is consistency in how apps work and the UI are put together.

Revenue, and that's the only reason. MS is unwilling to cannibalize the cash cow that is the "Pro" OS license, and the tablet market can't bear a $150 OS. They're between a rock and a hard place.

OK, then the solution would be an additional version called "Windows RT Pro" that runs on ARM, is more expensive, and supports joining AD, and possibly other features missing from the plain "Windows RT". Like installing recompiled desktop apps.

Then you will have business tablets with "Windows RT Pro", sharing the same hardware with "Windows RT" versions, but more expensive to account for the additional value.

I think MS is just trying to have things both ways, they want to use Windows 8 to protect and expand their existing business model from Apple & Google while simultaneously adopting the same business model as both Apple by profiting off the app store and Google by driving people to MS services.

WOA in dead to the enterprise, especially since the user of the device can sever the device management and x86 Windows Tablets will still be too expensive for enterprises.

MS seems to be in another reality and don't seem to understand there are alot of iPads and Androids in the enterprise already and companies are managing them somehow already. Why would any business buy a ultrabook, when buying a decent laptop and a iPad would be about the same or cheaper and is what most people really want anyways.

MS also seems to fail to understand that the BYOD dilemma was caused by people wanting to use Apple and Android products over Blackberry and MS products.

Which is why there is no MS BYOD dilemma that exists that I am aware of, I guess that is why MS had to create a BYOD dilemma for MS products, so they could come up with a solution for it.

Presumably x86/x64 Windows 8 devices have the same "Company Apps"/Exchange ActiveSync support, so that BYOD users with Intel-based tablets have the same experience?

A single device can have a number of ActiveSync policies applied to it (which the blog article also talks about). Active Directory membership is a single binary state, so it's not like domain membership is really an option for devices that users own themselves.

MS seems to be in another reality and don't seem to understand there are alot of iPads and Androids in the enterprise already and companies are managing them somehow already. Why would any business buy a ultrabook, when buying a decent laptop and a iPad would be about the same or cheaper and is what most people really want anyways.

I don't think x86 tablets will be grossly more expensive. Maybe $100 more than comparable Android tablets... if that.

Ahahaha, what a classic clusterfuck by Microsoft - God, these lousy, clueless idiots are so pathetic, cannot wait when shareholders finally throw out these retarded bureaucrats.

Seriously, how the hell the monkeys around the fat bald fart justified this utter shit approach? Gee, let's make it clear to our customer that 'you cannot do this, you cannot do that, buy this, buy that, fight through the that royally broken, expensive crap called System Center 2012' etc... then ? then PROFIT!

I would imagine the main target audience (in Microsoft's eyes) for these Windows tablets in the enterprise space would be people with pockets deep enough to purchase a large number of them to service a majority of their business. These are the same people who also probably keep everything secured with an intricate organization of Active Directory or some other centralized management system. I can somewhat understand Microsoft's decision (not really) but I think they are missing a HUGE market, I would say their main market.

Until Windows RT supports AD I don't see many large organizations running to MS for their tablet needs. If this was earlier in the game and it was happening at the same time the iPad was release there might have been an option to keep it more consumer oriented like the iPad. At this stage of the game though, if there are two platforms that have the same basic levels of management (and nothing higher) people will go with what they are familiar with (iPad) versus rolling the dice on a yet-to-be-proven platform (Windows 8/RT).

Looks to me like Win RT is to have low-cost tablets that compete with Androids and are sold to consumers. What this brings is the ability for consumers to bring those tablets to work, and run some corporate apps on them. They aren't trying to sell these to corporations. For corps, they promote full Win 8 on Intel tablets at a much higher price.

I see that the angle of this security is keeping a company safe from rogue devices, but is there no consideration for keeping my apps and data safe from the IT dept?

what if they create a corporate app, find an excuse to make it mandatory (e.g it's the only way to punch your timesheet) but the app has backdoor stuff to check on your porn browsing history?

Since it's for WinRT (formerly known as WOA) it will only run Metro apps, which are segregated and can't be accessed by each other (like Windows Phone) so this isn't a concern. Unless you hand over your device to the IT department they're not going to be able to access your porn browsing history.

A 500-600 dollar tablet is the bar which MS has to reach (at the very least) in order to compete in the tablet space. In order to do so they are going to have to sell Windows licenses at a lower cost.

MS has to compete with consumer tablets, even if they think the OS is superior and worth more, they have to stay within the pricepoint consumers now expect.

Now imagine if they were to sell a full fledged tablet for that cost, when a large percentage of consumer users will never use and/or want these features. Consumers won't care, and enterprise users will start buying the much cheaper WOA devices instead. Its a lose lose situation, one which no business in their right mind would ever try to attempt.

So.. do you really think its laziness? Or the fact that they can do simple math?

That is how tech companies become irrelevant. MS knows this, they did it to IBM, Novell, etc. MS specifically came out with cheaper products to destroy other companies, see: Office, Netscape, Bing. Now Android and iOS have turned the tables. MS can protect their current franchises or cannibalize them for their future. They've chosen to play defense, which never succeeds long term. They'll make a lot of money for the meantime, however, and I'm sure they'll be a profitable business services company for decades still.

To be charitable, they haven't figured mobile out. They continue to undermine their mobile efforts to protect their other businesses.